Privacy Policy

Instructions

  • Please read the Terms of Use and Privacy Policy carefully. If you disagree with any of the provisions, you must discontinue your use of this website and all other Activate online platforms.

1. INTRODUCTION

1.1. This Privacy Policy is a contract between each User and the Firm governing the use of Activate.

1.2. By accessing, registering for or using Activate in any manner:

1.2.1. You agree to be bound by the Terms of Use, this Privacy Policy and any ancillary documents; and

1.2.2. You consent to collection transmission processing storage and use of your data (including Personal Data) as set out in this Privacy Policy.

1.3. This Privacy Policy shall apply with effect from 1st October 2021.

2. DEFINITION OF TERMS AND INTERPRETATION

2.1. Definition of Terms

In this Privacy Policy unless otherwise expressly indicated or the context otherwise requires:

2.1.1. “Permitted Use” refers to use of Personal Data for purposes of operation and maintenance of Activate including general administration, generating content, payment processing, subscription management, access management, customer management, communication, usage monitoring, fault resolution, security, statutory compliance, and ancillary functions.

2.1.2. “Personal Data” has the meaning ascribed in the Data Protection Act (No. 24 of 2019) (as modified from time to time).

2.1.3. “Sensitive Personal Data” has the meaning ascribed in the Data Protection Act (No. 24 of 2019) (as modified from time to time).

2.1.4. “Secret Data” means any data which, by its nature, should not be disclosed to a third party for example PIN numbers, passwords and trade secrets.

2.2. Interpretation

2.2.1. Unless otherwise expressly indicated or the context otherwise requires, capitalized terms contained in this Privacy Policy have the meaning ascribed in the Terms of Use and Privacy Policy.

2.2.2. This Privacy Policy is supplemental to the Terms of Use and shall be read as part and parcel of the Terms of Use. In the event of any conflict between the Privacy Policy and the Terms of Use the provisions of the Privacy Policy shall prevail.

3. SAFEGUARDS

3.1. Our Commitment: To prevent unauthorised access to Personal Data, we have put in place robust measures to ensure IT security and data privacy in accordance with industry standards and the laws of Kenya. We conduct monitoring and periodic checks to assess the security of our IT systems. We endeavour to stay informed on emerging threats and solutions so that we can implement the necessary precautions.

3.2. User Data Input Restriction: Users are strictly prohibited from submitting Sensitive Personal Data and Secret Data through Activate because our IT systems are not designed to process and store such data. We only require a User to key in his/her mobile money PIN number on his/her mobile device to facilitate payment processing where the subscription transaction has been manually initiated by the User on our website. In all other instances, Users are solely responsible for any Sensitive Personal Data or Secret Data that they choose to disclose, and the Firm accepts no responsibility for any data privacy violations in this regard.

3.3. User Account Management: Users who have created an account in an Activate platform can access their Personal Data by logging in to the respective account. We require Users to manage their Activate accounts in a manner that will not expose their data and our systems to undue risks. For more information on Privacy and Security Guidelines please refer to the Frequently Asked Questions (FAQs).

3.4. Third Party Websites: Where links or references to third-party websites or other resources are provided, please note that such third-party resources have independent privacy policies and practices that are not within our control. Caution is advised when sharing data with third parties.

4. DATA HANDLING

4.1. Cookie Data: Activate and its third-party extensions use strictly necessary cookies to perform essential functions in accordance with the Permitted Use. Collection of the cookie data is therefore mandatory. Such cookie data includes HTTP protocol elements, referring URL, user agent, device used, operating system, browser type, IP address, geographical location, links clicked, login frequency and user input data.

4.2. User Input Data: The input data required from Users in registration forms and tickets is limited to what is necessary to facilitate service delivery. Where circumstances permit, submission of User data is made optional.

4.3 Opt-in / Opt-out: Users who subscribe to an Activate mailing list may opt out by clicking on the “unsubscribe” link provided in the emails. However, Subscribers cannot opt out from receiving notifications relating to account management.

4.4. Payment Data: Payment data is collected through secure web pages that are administered by the designated payment gateways, then processed by, transmitted to and stored by the respective payment gateways and payment processors.

4.5. Content-Related Suggestions: Users are invited to voluntarily submit suggestions to help us improve Activate content. Suggestions may be submitted through the My Query portal either anonymously or through an account created by the User. We recommend that suggestions be submitted anonymously. If a User opts to create an account in the My Query portal, the User’s data shall be handled in accordance with this Privacy Policy. In any event, Users are prohibited from including any Sensitive Personal Data or Secret Data in the suggestion form or attachments.

4.6. Third-Party Service Providers; Transfer of Data Outside Kenya: User data (including Personal Data) is accessible to the Firm’s third party service providers who collect, transmit, process and store such data for purposes of fulfilling certain functions on our behalf including but not limited to web hosting, data archiving, security, content management, subscription management, payment processing, access control, customer management, communication, and general administration. We select service providers that comply with industry best practices including:

  • Not storing Personal Data or Secret Data in their own servers; and/or
  • Encrypting Personal Data in transit and at rest; and/or
  • Attaining compliance certification for physical and network security; and/or
  • Complying with the European Union (EU) Regulation 2016/679 commonly referred to as the General Data Protection Regulation or GDPR.

Personal Data is transmitted to, processed and stored in servers situated in various locations including United States of America, Europe, India and Nigeria. Our service providers may share Personal Data with other third parties including affiliated companies and their service providers.

4.7. Data Storage Period: Data on completed transactions is retained for a minimum of seven (7) years, and may thereafter be aggregated, archived or destroyed at our discretion. Suggestions and fault resolution communication are retained in raw form for a minimum of ninety (90) days, after which such data may be aggregated and archived indefinitely.

4.8. Engagement Through Public or Group Forums: You acknowledge that viral dissemination of information via publicly-accessible communication channels (including social media) is in perpetuity and not under the control of the Firm, and accordingly the Firm shall not be responsible for any unauthorized disclosure or use of data that you may submit through any publicly-accessible communication medium or group forum.

4.9. Exceptions: Save as set out in this Privacy Policy, we shall not re-sell, disclose nor use your Personal Data other than:

4.9.1. With your prior consent; or

4.9.2. As required by law or pursuant to a court order.

5. REQUESTS AND COMPLAINTS

If you would like to request for rectification or erasure of your Personal Data or you have a complaint, please submit a ticket through the Tech Support portal. Please note that certain data sets may be retained for purposes of statutory compliance, fault resolution and/or dispute resolution.